Creating credibility through risk and compliance controls
Industries have recently faced a spate of accusations of bribery and corruption when outsourcing professional services such as communication and technology services. ITWeb Events spoke to third party risk expert from Liberty, Moroke Phajane to establish how they are dealing with this risk.
ITWeb: Could you tell our readers what they should consider when enhancing their brand and reputation with robust risk and compliance controls?
Phajane: Suppliers can strategically position themselves as credible businesses and attract interest from potential customers by demonstrating that they have robust risk and management controls that will prevent data breaches, contravention of applicable laws and ensure services are provided without any disruptions.
ITWeb: What steps do you think are being taken by the corporate entities to carefully scrutinise their third party suppliers in order to minimise their risk exposure?
Phajane: Most corporate entities have a Procurement of Goods and Services Policy, which requires that a formal transparent process be followed when selecting suppliers. There are generic criteria that are generally used to assess and select suppliers. They include: preferential procurement (the service provider's Black Economic Empowerment status), operational and technical capability, assessment of service provider's liquidity and solvency, commercial assessment (charge out rates, pricing structures, cost benefit analysis) and risk and compliance management controls (information security, business continuity, compliance with laws).
ITWeb: Why do you feel companies are starting to scrutinise the necessity of outsourcing professional services including information communication and technology services? And how can they ensure that risk is still properly mitigated?
Phajane: The recent corruption scandals relating to suppliers has resulted in companies carefully scrutinising the risks inherent in their engagements with third party suppliers. In addition, the current economic climate has prompted corporate entities to explore innovative ways of saving costs without compromising the quality of services required from third party suppliers. This simply means a professional services provider with effective governance, controls, suitably qualified personnel and a flexible fee structure will be most attractive to corporate entities.
ITWeb: What top three key points would you like to leave the delegates with from your upcoming presentation?
Phajane: It is important for third-party suppliers to understand the importance of taking control of their risk status, have knowledge of the risk and management controls corporate entities require their third party suppliers to have in place and be able to demonstrate that they have necessary risk and compliance controls required by corporate entities.